[00:04.310 --> 00:07.190]  Welcome back to the Hacking Career Village. We're
[00:07.190 --> 00:12.370]  just so excited that we've had so many great presentations these two days.
[00:12.370 --> 00:15.370]  I really want to thank all of our speakers for taking the time to
[00:15.370 --> 00:18.570]  pre-record these discussions and then being available
[00:18.570 --> 00:22.470]  in Discord to be able to answer your one-on-one questions.
[00:22.470 --> 00:26.370]  Today we have a good friend from the Twittersphere,
[00:26.370 --> 00:30.550]  Roy Watanason, who is going to talk a little bit about the key
[00:30.550 --> 00:35.030]  ingredients for job interviews, which are very important these days because
[00:35.030 --> 00:37.690]  once you get through all of the search and you
[00:37.690 --> 00:41.470]  finally get that interview, you want to make sure you're on top of
[00:41.470 --> 00:46.950]  your game for that. So Roy, take it away. Great, thank you. Thank you very much,
[00:46.950 --> 00:50.810]  Kathleen, and actually the Career Hacking Village.
[00:50.810 --> 00:54.070]  This is, I think, this is the first time this year. So first off,
[00:54.070 --> 00:57.570]  thanks to Kathleen and the entire team for
[00:58.150 --> 01:02.870]  having this opportunity as well. And also just wanted to thank everyone
[01:02.870 --> 01:06.850]  for tuning in today. So yeah, first off, I'm going to kind of
[01:06.850 --> 01:11.130]  talk about the key ingredients for job interviews, whether virtual or
[01:11.130 --> 01:14.990]  face-to-face. The first thing that I always like to do
[01:14.990 --> 01:18.850]  in all my presentations is that I don't accept responsibility
[01:18.850 --> 01:23.730]  for any of the, liable for any of the actions or if I have any inaccurate
[01:23.730 --> 01:26.950]  information as well. And of course, the presentation doesn't
[01:26.950 --> 01:30.130]  represent any of the organizations that I have
[01:30.130 --> 01:33.550]  worked for. And of course, this is not, this is
[01:33.550 --> 01:38.270]  absolutely not a one-size-fits-all at all. And again, it depends. It's very
[01:38.270 --> 01:42.850]  contingent on the individual, individuals as well. So
[01:42.850 --> 01:47.470]  first off, yeah, who am I? Healthcare professional, etc. Yeah,
[01:47.470 --> 01:51.010]  basically taught at Brandeis University for over 10 years, created the
[01:51.010 --> 01:56.090]  program there. And yeah, I really enjoy data forensics, incident response,
[01:56.090 --> 01:59.390]  healthcare security, application security, and IoT, Internet of Things.
[01:59.390 --> 02:03.070]  Obviously, the picture that you see on the right bottom
[02:03.070 --> 02:07.590]  is actually not my picture. There's a great website based on
[02:07.590 --> 02:10.990]  machine learning and artificial intelligence that actually creates
[02:10.990 --> 02:15.210]  different images of people based on, you know, different things as
[02:15.210 --> 02:18.270]  well. And it's not a real person at all. So you can actually go to that link to
[02:18.270 --> 02:22.750]  get more information. So the agenda for today is, actually, I
[02:22.750 --> 02:25.590]  thought that these were the
[02:26.370 --> 02:30.350]  steps in regards to preparing for the job
[02:30.350 --> 02:33.730]  interview or being more successful at it. Number
[02:33.730 --> 02:36.570]  one, we're going to talk about the preparation stage.
[02:36.590 --> 02:40.630]  Number two, about looking great because you always have to look good.
[02:40.630 --> 02:44.510]  Doesn't matter if it's virtual or a face-to-face presentation.
[02:44.650 --> 02:48.870]  Resume review, we'll talk about that too. And really exuding confidence.
[02:48.870 --> 02:53.650]  The more confidence, the better as well. And also talk about some
[02:53.650 --> 03:00.130]  note-taking strategies as well. And also asking back.
[03:00.370 --> 03:03.930]  Not only do you keep answering questions,
[03:03.930 --> 03:07.970]  you should also ask a lot of questions too. We'll talk about that too.
[03:07.970 --> 03:10.670]  And I actually added one more thing too. And
[03:11.130 --> 03:14.870]  the other one was trying again. We'll talk more about that and really to
[03:14.870 --> 03:20.030]  address any specific questions as well. So first off, during the preparation
[03:20.030 --> 03:23.490]  stage, think about when you're on
[03:23.490 --> 03:29.290]  engagements or a project. Or actually, let's say you're doing some
[03:29.290 --> 03:32.930]  kind of lead teaming, red teaming, penetration test, etc.
[03:32.930 --> 03:38.070]  You want to really do a reconnaissance on the opportunity or the job offer.
[03:38.070 --> 03:42.230]  Remember that it's not a one-size-fits-all. Things that are advertised
[03:42.230 --> 03:47.150]  in the job description are sometimes not always the things that
[03:47.150 --> 03:51.230]  you or the candidates or the individual is going to do.
[03:51.230 --> 03:55.490]  So you want to prepare as much as possible. So like what I like to say is
[03:55.490 --> 03:59.330]  kind of doing your reconnaissance on the opportunity,
[03:59.330 --> 04:03.250]  talking to people inside the company, or if you know anyone
[04:03.250 --> 04:07.690]  in your social networking profiles, etc. or your conferences,
[04:07.690 --> 04:11.710]  talk to people that may know people in the company. Because chances are
[04:12.350 --> 04:17.850]  you'll get a much more in-depth overview of the company and the
[04:17.850 --> 04:22.290]  opportunity that you are applying for. Also at the same time, for those of you
[04:22.290 --> 04:25.970]  who are virtual, just like as we are having physical
[04:25.970 --> 04:29.570]  face-to-face conversations during the interview,
[04:29.570 --> 04:32.130]  etc. For those of you that are virtual,
[04:32.130 --> 04:35.750]  especially during these times, you want to ensure that you test all
[04:35.750 --> 04:40.270]  your equipment, lighting, etc. and do that ahead of time too.
[04:40.270 --> 04:44.670]  Also at the same time, prepare yourself not only on the specific technical
[04:44.670 --> 04:48.150]  questions and non-technical requirements. I like
[04:48.150 --> 04:51.790]  to call this like doing your homework. Think about things
[04:51.790 --> 04:56.250]  outside the box and also try to look at the different
[04:56.250 --> 05:00.230]  non-technical skills like the communication skills,
[05:00.230 --> 05:04.290]  teams building skills, additional leadership skills as well.
[05:04.290 --> 05:07.550]  If you don't have the experience, you can substitute it by
[05:07.550 --> 05:12.690]  relevant coursework, you know, for those of you in school, etc. or part-time
[05:12.690 --> 05:18.270]  and some other, you know, other opportunities like taking a class
[05:18.270 --> 05:21.830]  online, for example, etc. Remember that presenting to
[05:21.830 --> 05:26.270]  different audiences is a very key ingredient.
[05:26.370 --> 05:29.750]  Not only presenting to technical people, but also
[05:29.750 --> 05:33.050]  presenting to non-technical people as well. And also
[05:33.050 --> 05:37.390]  what I, in addition to doing your reconnaissance on the opportunity or
[05:37.390 --> 05:40.150]  opportunities, performing your own risk assessment
[05:40.730 --> 05:46.550]  on the opportunity, job, job offer, etc. requirements and giving it a grade
[05:46.550 --> 05:49.590]  because just like as we're doing risk assessments on
[05:49.590 --> 05:53.630]  because every security, etc. is all about risk assessment even though there's so
[05:53.630 --> 05:57.950]  many different areas in it.
[05:57.950 --> 06:00.790]  Give it a grade. Maybe you have kind of like a spreadsheet
[06:00.790 --> 06:04.570]  that talks about the kind of the different things, location,
[06:05.150 --> 06:09.590]  environments, interviewing with different people that are there,
[06:09.590 --> 06:13.550]  external factors, for example, and other things,
[06:13.550 --> 06:19.630]  unknowns as well, things like that. Next is always about looking great. I
[06:19.630 --> 06:23.210]  can't stress this enough, but always trying to look good, present
[06:23.210 --> 06:26.570]  yourself in a way that even if the requirement
[06:26.570 --> 06:30.110]  says dress casually, you probably, you always
[06:30.110 --> 06:33.670]  probably want to show up in something that you're comfortable in,
[06:33.830 --> 06:36.810]  a business casual suit, it all depends as well.
[06:36.810 --> 06:39.530]  Even if it's virtual or face-to-face, remember
[06:39.530 --> 06:43.450]  when especially during these times when there are a lot of these virtual
[06:43.450 --> 06:46.970]  interviews now, you also want to be prepared for that in
[06:46.970 --> 06:49.690]  terms of looking your best, looking at the lighting,
[06:49.690 --> 06:52.250]  looking at your camera, looking at your sound as well,
[06:52.250 --> 06:57.510]  and practice makes perfect, you know. So the more you do it, the more you get
[06:57.510 --> 07:02.270]  better at it as well. Next is also talking about the kind of
[07:02.270 --> 07:06.470]  resume review. And I like to say that this, the resume
[07:06.470 --> 07:11.230]  review can be in different parts. It can be kind of the first step is
[07:11.230 --> 07:15.170]  really tailoring your resume even before applying for the job
[07:15.790 --> 07:21.730]  application or the job, for the job opportunity for example.
[07:21.930 --> 07:24.870]  Tailoring your resume so that
[07:25.310 --> 07:29.090]  it actually shows what you've accomplished. I always like to say that
[07:29.090 --> 07:33.490]  honesty is the best policy. If you don't know something, you can always say that
[07:33.490 --> 07:38.390]  it's something that you want to learn and also that maybe there are some
[07:38.390 --> 07:42.970]  additional courses or open source projects and software that
[07:43.540 --> 07:47.430]  that actually you can contribute to. It shows a lot of passion.
[07:47.530 --> 07:51.530]  It also, at the same time, you know, I also like to say is that
[07:52.120 --> 07:55.410]  the resume gets you into the door, but the interview,
[07:55.410 --> 08:00.830]  interviews are where the interviewers and the organization gets to know you.
[08:00.970 --> 08:04.750]  And it's a great thing too. And what I also like to say is
[08:04.750 --> 08:10.250]  again, as an individual that also reviews a lot of resumes
[08:10.760 --> 08:14.790]  when building the team, etc., you want to do something that
[08:15.330 --> 08:18.690]  people haven't done before. Obviously, you want to follow
[08:18.690 --> 08:22.270]  all of the resume guidelines. For example,
[08:22.270 --> 08:26.150]  you know, the number of pages, etc., based on your experience as well.
[08:26.150 --> 08:30.250]  But also at the same time, thinking outside the box, trying to do something
[08:30.250 --> 08:33.990]  that's different. So, for example, when let's say you apply
[08:33.990 --> 08:38.350]  for, give you an example, let's say you apply for an engineering job.
[08:39.770 --> 08:43.950]  Obviously, there are going to be a lot of engineering requirements
[08:43.950 --> 08:48.450]  and technical skills and verbal and communication skills as well.
[08:49.130 --> 08:54.590]  As someone that looks at resumes, I would say a lot too as well and
[08:54.590 --> 08:58.090]  looking to build a team, I would also stress that
[08:58.090 --> 09:01.530]  adding different things that can have you stand out
[09:01.530 --> 09:04.970]  from another individual. Because when you think about it,
[09:04.970 --> 09:09.650]  the organizations are always looking at potential candidates. What are some
[09:09.650 --> 09:13.610]  things that can make you stand out? For example,
[09:13.610 --> 09:17.370]  number one, maybe you may not have as much experience, but
[09:17.370 --> 09:20.330]  it's a great opportunity. It looks like it's a great opportunity.
[09:20.330 --> 09:24.470]  The first thing that you can do is participate
[09:24.470 --> 09:31.010]  in either conferences or volunteering or other projects, especially
[09:31.010 --> 09:33.710]  specifically open source projects that you can
[09:33.710 --> 09:37.270]  contribute to. It shows a lot of passion as well and,
[09:37.270 --> 09:40.590]  of course, motivation. Another thing that you can do is also
[09:41.310 --> 09:46.830]  including taking courses, especially, you know, I love to stress a lot of
[09:47.550 --> 09:53.410]  edX courses. So many opportunities now, especially now during the pandemic, that
[09:53.410 --> 09:56.250]  are free that you can take as well. Something that
[09:56.250 --> 10:00.910]  you're learning to build your skill set, basically. And remember
[10:00.910 --> 10:05.430]  that as IT professionals or information security
[10:05.430 --> 10:08.310]  professionals, and just like every other industry
[10:08.310 --> 10:11.610]  or profession, we're always developing our skills.
[10:11.610 --> 10:16.810]  And one of the main ingredients that I look for,
[10:17.310 --> 10:21.450]  thinking outside the box, a lot of people are going to answer a
[10:21.450 --> 10:23.810]  question this way or have their resume this way.
[10:23.810 --> 10:27.030]  So take a look at the job description and try to, you know,
[10:27.030 --> 10:31.010]  do like your own assessment in terms of what you can do and what you cannot do.
[10:31.490 --> 10:36.970]  And again, adding different things that where it shows more passionate
[10:36.970 --> 10:42.650]  and motivation as well to do the job, etc.
[10:42.650 --> 10:45.950]  Next, I want to talk about really exuding covenants.
[10:45.950 --> 10:50.210]  Obviously, it really depends if you're an introvert or an extrovert,
[10:50.210 --> 10:55.030]  but with preparation comes making sure that you understand the roles and
[10:55.030 --> 10:59.150]  responsibilities of the job. Not only the job, but the company.
[10:59.150 --> 11:05.290]  What's the organization's business mission, for example?
[11:05.290 --> 11:09.100]  Let's say for a healthcare company, maybe it's all about patients.
[11:09.550 --> 11:13.170]  So for example, when you're doing your job,
[11:13.170 --> 11:15.610]  or when you're part of the team doing your job,
[11:16.230 --> 11:20.930]  obviously, you don't want to be like a no team to everything.
[11:20.930 --> 11:23.210]  You know, so it has to support the business.
[11:23.210 --> 11:26.550]  And so look at the business mission as well.
[11:26.550 --> 11:32.330]  And educating yourself about not only the job details itself,
[11:32.330 --> 11:37.830]  but learning additional skill sets, etc. as well to apply on your job.
[11:37.830 --> 11:42.290]  And also preparing your questions to ask different people.
[11:42.350 --> 11:45.210]  This comes with confidence and experience too.
[11:45.210 --> 11:48.470]  Especially as you are doing more interviews,
[11:48.470 --> 11:53.470]  depending on the job opportunities. And now there are a lot of jobs opportunities.
[11:53.910 --> 11:57.250]  Prepare your questions, ask different questions to different people.
[11:57.250 --> 12:01.200]  Don't only answer those questions, but as you're doing your homework,
[12:01.650 --> 12:03.530]  getting more information about the company.
[12:03.530 --> 12:06.390]  For example, in the first stage, reconnaissance stage,
[12:06.390 --> 12:10.490]  getting to know people that are in the organization.
[12:10.550 --> 12:13.470]  Maybe there might not be like a direct link,
[12:13.470 --> 12:15.350]  but you can get some questions, etc.
[12:15.390 --> 12:18.810]  I'm going to talk about more of the questions that you should ask as well.
[12:18.910 --> 12:24.650]  And also really, when asking the questions, you want to ask open-ended questions
[12:24.650 --> 12:29.610]  so that it makes, just like the interviewer or interviewers,
[12:29.610 --> 12:31.970]  most of the time it's going to be interviewers.
[12:31.970 --> 12:35.230]  They're going to ask you open-ended questions because it doesn't...
[12:36.810 --> 12:38.810]  the interviewers don't want to have to see
[12:38.810 --> 12:41.410]  or don't want to hear like a yes or no answer.
[12:41.410 --> 12:44.850]  They want you to kind of like a scenario-based questions,
[12:44.850 --> 12:48.890]  chiming in how you think, how you apply, how you fix this problem.
[12:48.890 --> 12:52.810]  How do you negotiate when you have conflicts as well?
[12:52.810 --> 12:56.410]  So as a job applicant or applicants,
[12:56.410 --> 12:59.730]  you also want to ask these open-ended questions too,
[12:59.730 --> 13:05.610]  to have the organization open up and give you more information, not a yes or no.
[13:05.830 --> 13:09.570]  Because it will give you a lot of information in terms of,
[13:09.570 --> 13:18.570]  is this the right opportunity for you or what you're trying to do or pursue, for example.
[13:18.570 --> 13:22.930]  Because remember that just because the job description says something
[13:22.930 --> 13:28.070]  doesn't mean that it's going to be 100% what you will be doing, for example.
[13:28.070 --> 13:33.210]  And I'm not going to get into the specific job titles, etc.,
[13:33.210 --> 13:37.590]  but there's been a lot of things where, you know,
[13:37.710 --> 13:41.910]  a lot of misrepresentation around job titles, etc.,
[13:41.910 --> 13:45.370]  but that's another, that's going to be another talk.
[13:45.370 --> 13:49.190]  But just really, when you're building your confidence,
[13:49.190 --> 13:53.490]  and again, it comes with preparation, etc., and thinking outside the box,
[13:53.490 --> 14:00.090]  you can have all your pre-can open-ended questions to ask the interviewers, for example.
[14:00.090 --> 14:03.370]  So one of the things that, you know, that I do, for example,
[14:03.370 --> 14:08.590]  when preparing for the interview is, you know, I do my reconnaissance about the company.
[14:08.710 --> 14:15.190]  But usually what happens is that when the interview is scheduled, for example,
[14:15.190 --> 14:20.790]  human resources or, you know, the people, culture team, etc.,
[14:20.790 --> 14:25.290]  they send a list of all the people that are going to be interviewing you.
[14:25.290 --> 14:30.090]  One of the things that I like to do, just like, is actually go to do a reconnaissance
[14:30.090 --> 14:36.190]  and actually see what job this, the potential interviewers will do.
[14:36.190 --> 14:39.670]  Because when HR, human resources, sends you that list,
[14:39.670 --> 14:44.570]  it actually shows the individual and actually the person's title as well.
[14:44.570 --> 14:50.130]  You can kind of do your reconnaissance to see how long the individual or interviewers
[14:50.130 --> 14:53.310]  have been in the company, for example, if it's advertised in there.
[14:53.310 --> 14:57.250]  Also, you can see kind of like some of the projects as well,
[14:57.250 --> 15:02.230]  as you are kind of like creating these questions too.
[15:02.490 --> 15:06.450]  So again, it's all about when you do your homework,
[15:06.450 --> 15:08.750]  you have more confidence to ask these questions.
[15:08.750 --> 15:12.690]  But without doing your homework, you won't be able to ask the questions.
[15:12.690 --> 15:17.990]  So that's what my challenge to everyone is basically to ask those questions.
[15:18.030 --> 15:20.130]  Do your homework so that you can ask those questions,
[15:20.130 --> 15:27.390]  so that you can see if this opportunity or requisition is the right one for you.
[15:28.770 --> 15:31.210]  Next, we'll be talking about note-taking.
[15:31.350 --> 15:39.550]  So first off, I really like, I think now, based on the electronic era, et cetera,
[15:40.050 --> 15:42.650]  you can bring your gadgets, et cetera, as well.
[15:42.650 --> 15:45.290]  But make sure that, you know, again, maybe it's on vibrate,
[15:45.290 --> 15:48.070]  so it doesn't impact your interviews, et cetera.
[15:48.070 --> 15:51.670]  I still like the traditional notebook or extra piece of paper
[15:51.670 --> 15:55.270]  regarding the questions that you want to ask each individual.
[15:55.330 --> 16:01.810]  So what I usually do during the interviews is, of course, as an applicant,
[16:01.810 --> 16:06.410]  I bring an empty sheet of paper in the front and also in the back.
[16:06.410 --> 16:09.830]  I actually have all of these open-ended challenge questions,
[16:09.830 --> 16:13.850]  open-ended questions for the interviewers as well.
[16:13.850 --> 16:17.310]  And because I cover it up, because number one, you know,
[16:17.310 --> 16:19.830]  it's really like a matter of choice as well.
[16:19.910 --> 16:23.710]  But that way, the interviewers don't see that as well.
[16:23.710 --> 16:27.750]  But then because your blank page will be about taking your notes,
[16:27.750 --> 16:31.610]  really following up for what things you want to ask the interviewer,
[16:31.610 --> 16:36.990]  or maybe it's a follow-up in terms of what the interviewer said as well.
[16:37.370 --> 16:42.190]  The reason that I take notes is just so that we remember.
[16:42.190 --> 16:44.490]  What happened, the gist as well.
[16:44.490 --> 16:49.390]  And again, it's like a CYA, cover your what opportunity as well.
[16:49.390 --> 16:52.010]  If not, he said, she said, etc.
[16:52.010 --> 16:55.810]  So that it's all captured in your notes as well.
[16:55.970 --> 17:01.350]  But I also like to say that, again, note-taking is a great, great thing.
[17:01.350 --> 17:06.510]  Because sometimes during the, actually many times during the interviews, etc.,
[17:06.510 --> 17:10.750]  there's going to be times where you interview with so many people.
[17:10.750 --> 17:17.850]  Typically now for the, you know, depending on how big or how big the companies are,
[17:17.850 --> 17:23.150]  or also how global they are, typically for any information security position,
[17:23.150 --> 17:29.970]  and depending on what role you are going to be taking in the organization,
[17:29.970 --> 17:34.570]  typically you're going to be interviewed by at least one to three people.
[17:34.570 --> 17:38.910]  Or the more senior the position, seniority the position,
[17:38.910 --> 17:40.630]  the more people as well.
[17:40.690 --> 17:45.650]  For example, some of these, I've actually, I remember this many years ago,
[17:45.650 --> 17:48.950]  but don't quote me on this, but many years ago,
[17:48.950 --> 17:53.510]  probably when I was actually interviewing for like a security analyst,
[17:53.510 --> 17:59.190]  security engineer position, I actually interviewed for a healthcare hospital position.
[17:59.510 --> 18:02.830]  I interviewed for at least about five people.
[18:02.830 --> 18:05.070]  And it took most of the whole day, for example.
[18:05.070 --> 18:06.690]  So just prepare for that.
[18:06.690 --> 18:09.690]  And again, your note taking will come in really handy,
[18:09.690 --> 18:16.450]  because this will also not only help you in determining if this is the right fit
[18:16.450 --> 18:20.250]  or the right role, and to follow up with any questions that you have,
[18:20.250 --> 18:22.830]  or any questions that the interviewers have for you,
[18:22.830 --> 18:25.550]  where you might not know the answer, for example.
[18:25.610 --> 18:32.710]  It also helps into generating after every job interview, for example.
[18:32.710 --> 18:34.570]  Usually it depends.
[18:34.570 --> 18:39.910]  So there's no specific guidance on it, but send like a thank you email, for example.
[18:39.910 --> 18:42.670]  And the note taking will really help because then you know
[18:43.430 --> 18:47.650]  what you talk to each interviewer or interviewers about.
[18:47.650 --> 18:52.770]  And you can actually put some of this information in terms of your thank you notes,
[18:52.770 --> 18:53.730]  you know, blah, blah, blah.
[18:53.730 --> 18:54.870]  I'll give you an example.
[18:55.470 --> 19:02.670]  Thank you very much, Erin, Rob, Chris, Mike, Leanne, for the interview today.
[19:02.670 --> 19:05.330]  I really appreciated the time that you took.
[19:05.330 --> 19:09.490]  And then you can kind of say, you know, Leanne talked about this, blah, blah, blah.
[19:09.490 --> 19:13.130]  So it kind of shows you also as like a summary as well
[19:13.130 --> 19:17.370]  to kind of help you close the deal on the interview.
[19:18.270 --> 19:23.750]  Now, I also wanted to add, I added this because,
[19:23.750 --> 19:29.930]  well, actually, the next one was the one I added, but asking back.
[19:30.270 --> 19:36.230]  Don't just have, don't just basically answer questions as well.
[19:36.230 --> 19:38.210]  It has, it's kind of like a give and take.
[19:38.210 --> 19:42.590]  So because remember that the interviewers or the interview
[19:43.190 --> 19:50.690]  were, is trying to ascertain if you're the right individual or the right fit for the team.
[19:50.690 --> 19:53.230]  So don't just ask the questions.
[19:53.230 --> 19:57.970]  You want to kind of give and take in terms of having the interviewers ask you questions.
[19:58.010 --> 20:02.430]  But remember in the preparation stage, as you're creating,
[20:02.430 --> 20:07.670]  already created these questions based on who you're going to be interviewing with,
[20:07.670 --> 20:12.350]  you want to ask them questions too, because this is your best time to
[20:13.350 --> 20:15.870]  make sure that this is the right opportunity for you.
[20:15.870 --> 20:17.170]  Is it really true?
[20:17.170 --> 20:23.490]  Is the job description really, really, really match what is in the job description?
[20:23.490 --> 20:25.710]  For example, is it the right culture?
[20:25.710 --> 20:27.230]  Is it the right environment?
[20:27.310 --> 20:28.730]  Is it the right team?
[20:28.750 --> 20:30.170]  Is it the right people?
[20:30.170 --> 20:31.310]  Is it the right mission?
[20:31.310 --> 20:33.170]  Is this something that you really believe in?
[20:33.170 --> 20:37.430]  For example, and like, I'm not going to read it, but at the end,
[20:37.430 --> 20:41.210]  like getting to really know the real company.
[20:41.810 --> 20:44.890]  Obviously, I'm going to say, again, this is just my opinion,
[20:44.890 --> 20:47.610]  but the job description sometimes is probably most,
[20:47.610 --> 20:52.070]  sometimes just a copy from somewhere else as well.
[20:52.090 --> 20:56.470]  And sometimes the job description is not what you actually sign up for.
[20:56.470 --> 21:01.630]  And again, this is not a one size fits all, but it depends on the company as well.
[21:02.650 --> 21:05.510]  Some of these example questions, we're going to talk about that.
[21:05.510 --> 21:11.390]  I don't have everything here, but remember where I mentioned about asking open-ended questions?
[21:11.390 --> 21:15.650]  So the one thing is that some of these questions can be,
[21:15.650 --> 21:19.030]  you want to ask, you want to find out, is this too good to be true?
[21:19.110 --> 21:24.710]  Some of these open questions could be, how long was the security team been in place?
[21:24.710 --> 21:29.030]  For example, was there an information security manager?
[21:29.270 --> 21:31.790]  Why he or she?
[21:31.830 --> 21:33.130]  Was that the company?
[21:33.130 --> 21:33.990]  Did they leave?
[21:33.990 --> 21:35.030]  What was the reason?
[21:35.030 --> 21:35.510]  Et cetera.
[21:35.510 --> 21:37.910]  These are some additional questions that you can ask.
[21:37.910 --> 21:41.190]  And again, you can tell your questions on how much information,
[21:41.390 --> 21:43.050]  you want as well.
[21:43.230 --> 21:47.810]  So for example, why did some of these questions might be,
[21:47.810 --> 21:50.490]  why did the entire security team all leave?
[21:50.490 --> 21:52.510]  Is this a new security team?
[21:52.510 --> 21:57.130]  Is the security manager who you will be reporting to, for example,
[21:57.130 --> 22:01.790]  or IT manager, why did he or she leave, for example?
[22:02.050 --> 22:05.470]  Other questions might be, again, remember it's all open-ended.
[22:05.830 --> 22:09.990]  How long has people specifically been there?
[22:09.990 --> 22:13.530]  It doesn't only have to be about your specific team as well.
[22:13.530 --> 22:18.030]  Especially think about, remember that you're doing your reconnaissance,
[22:18.030 --> 22:22.170]  doing your homework, doing your preparation, looking great as well.
[22:22.170 --> 22:27.290]  But making sure, one of the things you can do is,
[22:27.290 --> 22:33.370]  especially your open-ended questions is asking, not only who do you report to,
[22:33.370 --> 22:38.430]  but also ask about your manager or your security leadership team,
[22:38.430 --> 22:39.970]  who they report to as well.
[22:39.990 --> 22:44.050]  You can ask, let's say sometimes, just to give you an example,
[22:44.050 --> 22:47.150]  the security manager probably reports to, let's say, a CISO,
[22:47.150 --> 22:51.290]  or let's say the CISO or every security manager reports to a CISO.
[22:51.430 --> 22:54.570]  You probably want to find out who the CISO reports to.
[22:54.570 --> 22:58.770]  Is it the CIO? Is it the privacy officer? Is the CEO, etc.?
[22:58.770 --> 23:01.790]  It really depends. It's not a one-size-fits-all.
[23:01.790 --> 23:04.210]  That way, you can actually tell their questions and say,
[23:04.210 --> 23:07.370]  Hey, you won't ask it like that, but,
[23:07.370 --> 23:10.950]  Hey, how come the CIO was only here for this amount of time?
[23:10.950 --> 23:12.810]  Has there been some transition?
[23:12.810 --> 23:15.450]  Has there been some kind of reorganization as well?
[23:15.450 --> 23:18.430]  So, remember that it's asking back.
[23:18.430 --> 23:22.730]  It's not only asking questions, but you also want to find,
[23:22.730 --> 23:28.570]  this is your best opportunity to find if this is the right opportunity for you.
[23:28.870 --> 23:33.030]  And it is something that resonates with you as well.
[23:34.850 --> 23:37.630]  Next is really, this is something that I added as well,
[23:37.630 --> 23:40.490]  because I was just thinking of things of,
[23:40.490 --> 23:43.970]  Okay, what happens if you do all this and you still don't succeed?
[23:43.970 --> 23:49.930]  And don't worry, because this is always, it's kind of like,
[23:49.930 --> 23:52.790]  I think of it as like a date, I guess.
[23:52.790 --> 23:54.970]  If the date doesn't go, it all depends.
[23:54.970 --> 23:58.950]  So, when you're doing this, even if you do all this,
[23:58.950 --> 24:02.330]  these are, again, these are not a one-size-fits-all.
[24:02.330 --> 24:09.090]  But as you're doing this, obviously, these different strategies and tactics will help
[24:09.090 --> 24:14.490]  you as the individual job applicants become more successful.
[24:14.490 --> 24:16.950]  But remember that it doesn't always work.
[24:16.950 --> 24:23.390]  And again, especially these different companies, please don't despair.
[24:23.390 --> 24:24.690]  Try again.
[24:24.810 --> 24:29.030]  Even things that, let's say it's a company that you're really interested in,
[24:29.030 --> 24:34.170]  or organization, or et cetera, or it's a great opportunity, the best, don't worry.
[24:34.170 --> 24:37.370]  And again, I think I won't quote it,
[24:37.370 --> 24:41.530]  but there's been many security professionals and engineers where
[24:41.530 --> 24:47.370]  their first choice isn't always the choice that it was set out to be as well.
[24:47.370 --> 24:50.290]  So, take this as like a grain of salt.
[24:50.290 --> 24:54.690]  But again, learn from what you've done, lessons learned, et cetera.
[24:55.290 --> 24:58.630]  You know, more interviews also gives more experience and confidence.
[24:58.630 --> 25:03.430]  And also remember, and again, it also depends on the organization as well.
[25:03.430 --> 25:09.510]  Some organizations, based on how you interview, you will get kind of like a very...
[25:10.870 --> 25:14.030]  could be like a vague summary sometimes.
[25:14.130 --> 25:17.910]  But some of the organizations, if you ask nicely as well,
[25:17.910 --> 25:20.330]  especially with your thank you notice as well,
[25:20.330 --> 25:25.730]  you can also get some feedback on what were some of the feedbacks,
[25:25.730 --> 25:30.330]  things that were a pro that worked really well,
[25:30.330 --> 25:33.170]  and things that did not work very well as well,
[25:33.170 --> 25:36.010]  based on the different interviewers as well.
[25:36.010 --> 25:40.110]  And again, at first, you don't... just like that other song, right?
[25:40.110 --> 25:42.330]  I think it was from Aaliyah, I believe.
[25:42.330 --> 25:45.890]  At first, you don't succeed, try again as well.
[25:45.990 --> 25:49.390]  But take this as a, you know, take this as a learning experience
[25:49.390 --> 25:52.770]  and know that you won't always be successful.
[25:52.770 --> 25:56.750]  I've known people at... when they actually applied to Google,
[25:56.750 --> 26:02.570]  some of these really, you know, really great organizations as well,
[26:02.570 --> 26:05.770]  or brand name recognition, they didn't get in.
[26:05.770 --> 26:08.650]  And then, of course, they didn't... they tried three times, they didn't get in.
[26:08.650 --> 26:14.430]  But, you know, after either through a merger position, for example,
[26:14.430 --> 26:17.010]  they actually ended up being at the same company, etc.
[26:17.010 --> 26:22.230]  So, I also want to say here is that don't burn your bridges as well.
[26:22.230 --> 26:27.450]  Again, obviously, treat people as you would like to be treated as well.
[26:27.450 --> 26:34.470]  And again, companies may not give you all the feedback that you may want to hear as well.
[26:34.470 --> 26:38.390]  But again, remember from those open-ended questions, etc. too.
[26:38.550 --> 26:43.130]  And usually, remember what I mentioned about like making a risk assessment
[26:43.130 --> 26:48.790]  on the interview or the company before you actually interview with the company?
[26:48.790 --> 26:55.430]  You can also have like make a grade and a risk assessment in terms of the grade around
[26:56.390 --> 27:00.350]  how your interview went with this interviewer, for example.
[27:00.350 --> 27:04.230]  Would you work well with him or her or the team, for example?
[27:04.230 --> 27:05.810]  Would you not work well as well?
[27:05.810 --> 27:09.110]  So, you can kind of get a good example.
[27:09.110 --> 27:12.850]  You know, again, it's probably only just from your own perspective.
[27:12.850 --> 27:15.250]  You probably want their perspective as well.
[27:15.250 --> 27:18.230]  But it gives you a good overview and a good
[27:19.990 --> 27:23.290]  remembrance of what happens during the interview as well.
[27:25.170 --> 27:27.870]  Now, just kind of like putting it all together.
[27:28.790 --> 27:32.410]  Remember that, and again, this is not a one-size-fits-all at all.
[27:33.470 --> 27:39.810]  Really, and again, these probably can be done in different steps as well.
[27:39.810 --> 27:41.750]  It's not like step one, two, or three.
[27:41.750 --> 27:46.290]  But I really believe that, you know, preparing, having the preparation,
[27:46.750 --> 27:48.810]  having the preparation is key.
[27:48.810 --> 27:51.310]  Kind of like doing your homework, right?
[27:51.310 --> 27:57.310]  Just like the Patriot says, do your job, do your job, do your job.
[27:57.310 --> 27:59.790]  Preparation comes with preparation.
[27:59.790 --> 28:03.310]  Comes all the additional confidence that you have
[28:05.070 --> 28:09.610]  asking the different questions that you have for them as well.
[28:09.610 --> 28:15.730]  And also kind of reciprocating to see if it's the right fit for you as well.
[28:16.090 --> 28:18.570]  Number two really talks about looking great.
[28:18.570 --> 28:21.830]  And just looking your best as well.
[28:22.310 --> 28:26.830]  Wearing some kind of business casual, even though there's some other minimum requirement.
[28:26.830 --> 28:27.970]  Just looking your best.
[28:27.970 --> 28:31.430]  Doesn't matter if it's virtual or face-to-face as well.
[28:31.590 --> 28:34.590]  And number three, talking about the resume review process.
[28:34.590 --> 28:38.290]  This is probably beforehand and then, of course, afterhand as well.
[28:38.290 --> 28:44.070]  Because one of the things that I actually didn't mention, and so I have the paper.
[28:44.070 --> 28:47.530]  With your note-taking, you have the blank paper.
[28:47.530 --> 28:51.410]  You also have the open-ended questions that you have for the interviewers.
[28:51.410 --> 28:54.970]  But also under that, you also have your resume as well.
[28:54.970 --> 28:57.330]  Maybe you can have additional...
[28:58.030 --> 29:01.430]  Most of the time, the organization will always have the resume.
[29:01.430 --> 29:05.010]  But this is something that you can pull out so that you can reference as well.
[29:05.010 --> 29:07.530]  I've also known some other candidates where,
[29:07.530 --> 29:14.970]  especially when they're going for different positions or a higher-up position, etc.
[29:14.970 --> 29:18.690]  Or a position that's just out of their league, for example.
[29:18.710 --> 29:22.990]  Again, remember, it's about thinking outside the box, doing something different.
[29:23.070 --> 29:25.750]  Most people are going to bring their resume, etc.
[29:25.750 --> 29:27.070]  What can you do to bring...
[29:27.070 --> 29:29.130]  What can you do to do something different?
[29:29.470 --> 29:34.010]  A lot of people now, they actually bring in different presentations, actually,
[29:34.010 --> 29:35.690]  tailored to what they can do.
[29:35.690 --> 29:41.990]  Let's say if you're applying for a chief of a security officer position, etc.
[29:42.490 --> 29:47.650]  What makes you stand out that other people aren't doing?
[29:47.650 --> 29:51.310]  For example, that could be the difference.
[29:51.310 --> 29:53.950]  Or let's say a security analyst position, for example.
[29:53.950 --> 29:56.250]  Or someone more junior, etc.
[29:56.250 --> 29:57.330]  It doesn't have to be that.
[29:57.330 --> 29:59.210]  It's just showing the initiative.
[29:59.210 --> 30:00.610]  Showing that you're passionate.
[30:00.610 --> 30:03.690]  Showing that you really want to be part of this team
[30:03.690 --> 30:06.590]  and environment and company and organization.
[30:07.390 --> 30:10.770]  Let's say you're a junior security analyst, security engineer.
[30:10.890 --> 30:15.250]  Maybe one of the things that you can do is actually show some of the presentations
[30:15.250 --> 30:18.770]  that you've done in a very high level as well.
[30:18.770 --> 30:24.930]  And remember, you can remove all of the company names that you worked for before,
[30:24.930 --> 30:26.910]  as well, for privacy purposes, etc.
[30:27.170 --> 30:29.390]  But again, it shows the initiative as well.
[30:29.390 --> 30:31.270]  That's some additional things you can do.
[30:31.270 --> 30:36.230]  And, of course, that confidence is just really as you do more of your homework,
[30:36.230 --> 30:38.150]  as you prepare for it.
[30:38.150 --> 30:43.690]  Again, what I like to say is that don't just wing it as well.
[30:43.690 --> 30:46.870]  Don't just wing it because that never works for anything, right?
[30:46.870 --> 30:49.550]  In terms of interviews, etc., tests, etc.
[30:49.610 --> 30:56.670]  But I'm going to say that by doing all of these different recommendations,
[30:56.670 --> 30:58.450]  you will have more confidence as well.
[30:58.450 --> 31:04.890]  And you can also look at additional things that you might have additional questions about.
[31:04.890 --> 31:13.590]  Because remember that your open-ended questions are just going to be just some pre-canned
[31:13.590 --> 31:17.030]  questions so that you remember that you asked the interviewers about.
[31:17.030 --> 31:22.350]  Maybe when you go to the interview, for example, you see something in the queue, right?
[31:22.350 --> 31:30.350]  Again, it's not just about pre-canning and then doing your open-ended questions.
[31:30.350 --> 31:35.310]  When you're also interviewing, you're going to see the physical location, etc.
[31:35.310 --> 31:38.290]  Physical location, physical security as well.
[31:38.290 --> 31:41.250]  And you can also ask open-ended questions around that too.
[31:41.250 --> 31:45.890]  For example, where I'd be working in this area, what floor, etc.
[31:45.890 --> 31:47.850]  Where does the IT work?
[31:47.850 --> 31:50.870]  Where do the other teams work at, etc.
[31:51.510 --> 31:55.550]  People will be working remotely and other things too.
[31:56.270 --> 32:00.230]  Next is the fifth one is about note-taking.
[32:00.230 --> 32:04.630]  Again, I'm not going to stress that, but just remembering what you talked about,
[32:04.630 --> 32:08.990]  what you're going to say, your open-ended questions, anything else that you want to
[32:08.990 --> 32:14.010]  follow up on from the interviewers to the interviewing for yourself.
[32:14.010 --> 32:20.850]  And also it serves as like a great thank you sum up note-taking based on it,
[32:20.850 --> 32:23.990]  mentioned and talked to the interviewers.
[32:24.050 --> 32:26.050]  Next one is asking back.
[32:26.050 --> 32:32.090]  And I won't stress that, but really just, again, give and take, not only answering questions,
[32:32.090 --> 32:35.370]  but what you see during the interview, what you see during the phone,
[32:35.370 --> 32:38.010]  what you see during talking to different people.
[32:38.010 --> 32:39.990]  You can ask those open-ended questions.
[32:40.810 --> 32:45.610]  And last but not least, obviously, with all these strategies and recommendations,
[32:46.910 --> 32:53.390]  everyone won't be successful or probably, you know, using these different strategies
[32:53.390 --> 32:56.770]  won't be successful. So keep trying.
[32:56.770 --> 33:04.630]  Don't, again, I think the main thing here is just really trying again and know that it's,
[33:04.630 --> 33:11.470]  even if it didn't work out, there's always going to be a better or more challenging opportunity
[33:11.470 --> 33:14.490]  as well. And things happen for a reason as well.
[33:14.490 --> 33:22.890]  And things may not be meant to be, for example, things like that.
[33:22.910 --> 33:28.570]  And other than that, just wanted to specifically get any questions.
[33:28.670 --> 33:32.990]  I'm on Twitter, WR0. If you have any questions specifically,
[33:32.990 --> 33:37.130]  you can also email me at websec or at gmail.com.
[33:37.130 --> 33:42.390]  And also all of these presentations will also be shared on my GitHub account as well.
[33:42.390 --> 33:44.030]  So thank you very much for your time today.
[33:44.490 --> 33:45.430]  Thank you.
[33:45.430 --> 33:53.610]  Roy, really great step-by-step laying out what people need to do for, excuse me,
[33:53.610 --> 33:58.970]  to what people need to do preparing for their interviews. It's really great.
[33:58.970 --> 34:04.190]  I think that everyone really needs to have that kind of checklist that you just laid out,
[34:04.190 --> 34:07.650]  mainly because we get very nervous and get anxious
[34:08.250 --> 34:11.630]  about preparing for interviews or doing the interviews.
[34:11.630 --> 34:15.490]  So having a really great checklist like this is very helpful.
[34:15.490 --> 34:20.610]  I really liked your suggestion. We tend to work a lot off of our
[34:21.230 --> 34:24.690]  electronic devices, but actually having the notepad
[34:24.690 --> 34:28.290]  when you're in the interview to take down notes, I think that
[34:28.290 --> 34:33.550]  causes us to slow down a little bit because many times when we're in an interview,
[34:33.550 --> 34:38.250]  we're nervous and having something that slows us down is really great.
[34:38.250 --> 34:41.510]  I also think it's really great, one of the points you brought up about
[34:41.510 --> 34:48.130]  being sure that you bring into the interview the resume that you submitted for the job
[34:48.130 --> 34:53.730]  so that you can talk from that resume. We've talked in other sessions about
[34:53.730 --> 35:00.530]  making sure you have resumes that are customized to those specific jobs that you're applying for,
[35:00.530 --> 35:04.390]  but it's also helpful to make sure that you brought the resume with you
[35:04.390 --> 35:06.610]  that you submitted to that job.
[35:06.610 --> 35:11.050]  So really great points. I know we're going to have some questions in our Discord channel.
[35:11.130 --> 35:14.410]  Thank you so much for being part of the Career Hacking Village.
[35:15.030 --> 35:17.170]  Take care, Roy. We'll see you around on Twitter.
[35:17.990 --> 35:21.230]  Yeah, thank you so much. And I look forward to your presentation as well, Kathleen.
[35:21.590 --> 35:23.410]  Thanks. Take care. Bye-bye.
[35:23.410 --> 35:25.130]  Take care. Have a good one. Take care. Bye.
